What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-11-17 10:21:02 Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police (direct link) A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last month arrested in Geneva Vyacheslav Igorevich Penchukov (40), also known as Tank, who is one of the leaders of the JabberZeus cybercrime group. “Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal […] Guideline
SecurityAffairs 2022-11-17 07:58:03 Iran-linked threat actors compromise US Federal Network (direct link) Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed cryptomining malware. Log4Shell impacts […] Threat
SecurityAffairs 2022-11-16 22:02:34 F5 fixed 2 high-severity Remote Code Execution bugs in its products (direct link) Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The experts also discovered several bypasses of security controls that the security vendor F5 does not recognize as exploitable vulnerabilities. The […]
SecurityAffairs 2022-11-16 18:50:05 Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs (direct link) North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. DTrack is a modular backdoor used by the […] APT 38
SecurityAffairs 2022-11-16 11:39:15 New RapperBot Campaign targets game servers with DDoS attacks (direct link) Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch DDoS attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT […] Malware
SecurityAffairs 2022-11-16 08:18:48 (Déjà vu) Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta (direct link) Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. The Privacy Sandbox aims at creating technologies to […]
SecurityAffairs 2022-11-15 23:16:16 Happy birthday Security Affairs … 11 years together! (direct link) Happy BirthDay Security Affairs! Eleven years together! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Thank you! Eleven years ago I decided to launch Security Affairs, a blog that is considered today one of the most valuable sources of the cybersecurity […]
SecurityAffairs 2022-11-15 22:23:01 (Déjà vu) Experts found critical RCE in Spotify's Backstage (direct link) Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify's Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals, it's used by several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games. […] Vulnerability
SecurityAffairs 2022-11-15 16:16:40 Experts revealed details of critical SQLi and access issues in Zendesk Explore (direct link) Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service. Zendesk Explore allows organizations to view and analyze key information about their customers, and their support resources. Threat actors would have allowed […] Threat
SecurityAffairs 2022-11-15 14:08:12 China-linked APT Billbug breached a certificate authority in Asia (direct link) A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government agencies since March 2022. State-sponsored actors compromised a digital certificate authority in a country in Asia as part of a cyber espionage campaign aimed at multiple government agencies in the region, Symantec warns. Symantec attributes […]
SecurityAffairs 2022-11-15 10:16:53 Google to Pay a record $391M fine for misleading users about the collection of location data (direct link) Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location data. Google has agreed to pay $391.5 million to settle with 40 US states for misleading users about the collection of personal location data. The settlement is the largest attorney general-led consumer privacy settlement ever, […] Guideline
SecurityAffairs 2022-11-15 08:46:34 Previously undetected Earth Longzhi APT group is a subgroup of APT41 (direct link) Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed a custom Cobalt Strike loader in the attack. Further analysis revealed that the same threat actor targeted multiple regions […] Threat Guideline APT 41 ★★★★
SecurityAffairs 2022-11-15 08:33:20 Avast details Worok espionage group's compromise chain (direct link) Cyber espionage group Worok abuses Dropbox API to exfiltrate data using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data using a backdoor hidden in apparently innocuous image files. The experts started their investigation from the analysis published […] ★★
SecurityAffairs 2022-11-14 12:52:52 KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks (direct link) Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch […] Malware
SecurityAffairs 2022-11-14 09:18:41 CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine (direct link) Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ […] Ransomware Threat
SecurityAffairs 2022-11-14 09:12:55 Have board directors any liability for a cyberattack against their company? (direct link) Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk? As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing […] Ransomware
SecurityAffairs 2022-11-13 12:18:05 Ukraine Police dismantled a transnational fraud group that made €200 million per year (direct link) Ukraine’s Cyber Police and Europol arrested 5 Ukrainian citizens who are members of a large-scale transnational fraud group. Ukraine’s cyber police and Europol arrested five members of a transnational fraud group that caused more than 200 million losses per year. The arrests are the results of a joint operation conducted with the support of law […]
SecurityAffairs 2022-11-13 09:40:52 (Déjà vu) Lockbit gang leaked data stolen from global high-tech giant Thales (direct link) The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential […] Ransomware Guideline
SecurityAffairs 2022-11-12 17:37:30 $1 billion of FTX customer funds have vanished, Reuters reported (direct link) Crypto exchange FTX appears to have been hacked, rumors state that attackers stole $600 million drained from the company’s wallets. Crypto exchange FTX is recommending users to delete FTX apps and avoid using its website, a circumstance that refutes the rumors of a $600 million crypto heist. The owners of several wallets […]
SecurityAffairs 2022-11-12 14:53:58 Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan (direct link) Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking malware. Xenomorph was first spotted by ThreatFabric researchers in February 2022, at the time the malware was employed in attacks […] Malware
SecurityAffairs 2022-11-12 11:35:10 Canadian supermarket chain giant Sobeys suffered a ransomware attack (direct link) Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada, the company operates over 1,500 stores operating across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During […] Ransomware
SecurityAffairs 2022-11-11 23:07:47 An initial access broker claims to have hacked Deutsche Bank (direct link) An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts […] Threat
SecurityAffairs 2022-11-11 21:07:03 Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware (direct link) Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […] Malware Threat
SecurityAffairs 2022-11-11 11:54:05 Man charged for role in LockBit ransomware operation (direct link) The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged participation in the LockBit ransomware operation. According to the press release published by DoJ, the man is currently in custody in […] Ransomware
SecurityAffairs 2022-11-11 10:04:15 Researcher received a $70k award for a Google Pixel lock screen bypass (direct link) Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices. The Google Pixel Lock Screen Bypass was reported by security researcher David Schütz that was […]
SecurityAffairs 2022-11-11 08:28:28 Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine (direct link) Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware, employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland. The Prestige ransomware first appeared in the threat […] Ransomware Threat
SecurityAffairs 2022-11-10 21:26:48 Apple out-of-band patches fix remote code execution bugs in iOS and macOS (direct link) Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304, in the libxml2 library for parsing XML documents. The two vulnerabilities were discovered by Google Project […]
SecurityAffairs 2022-11-10 16:15:55 Researchers warn of malicious packages on PyPI using steganography (direct link) Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on GitHub. The […] Malware
SecurityAffairs 2022-11-10 13:45:11 A bug in ABB Totalflow flow computers exposed oil and gas companies to attack (direct link) A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil […] Vulnerability ★★★★
SecurityAffairs 2022-11-10 10:41:13 APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity (direct link) Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes) successfully phished a European diplomatic entity. The attack stands out for the use of the Windows Credential […] APT 29
SecurityAffairs 2022-11-10 07:21:53 Lenovo warns of flaws that can be used to bypass security features (direct link) Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature […]
SecurityAffairs 2022-11-09 20:51:43 Surveillance vendor exploited Samsung phone zero-days (direct link) Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. The three issues are: The researchers pointed out that the surveillance firm included in its spyware the […]
SecurityAffairs 2022-11-09 13:31:43 Experts observed Amadey malware deploying LockBit 3.0 Ransomware (direct link) Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows […] Ransomware Malware
SecurityAffairs 2022-11-09 11:54:36 Microsoft Patch Tuesday updates fix 6 actively exploited zero-days (direct link) Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server […]
SecurityAffairs 2022-11-09 08:47:31 VMware fixes three critical flaws in Workspace ONE Assist (direct link) VMware addressed three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges. VMware has released security updates to address three critical vulnerabilities impacting the Workspace ONE Assist product. Remote attackers can exploit the vulnerabilities to bypass authentication and elevate privileges to admin. Workspace ONE Assist allows […]
SecurityAffairs 2022-11-08 21:52:41 Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw (direct link) Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. The company addressed the following three vulnerabilities: “Note that only appliances that are operating […] Vulnerability ★★★★
SecurityAffairs 2022-11-08 18:22:33 SmokeLoader campaign distributes new Laplas Clipper malware (direct link) Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […] Malware
SecurityAffairs 2022-11-08 09:45:36 Medibank confirms ransomware attack impacting 9.7M customers, but doesn't pay the ransom (direct link) Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M current and former customers were exposed as a result of a recent ransomware attack. Medibank is one of the […] Ransomware
SecurityAffairs 2022-11-08 08:15:03 US DoJ seizes $3.36B Bitcoin from Silk Road hacker (direct link) The U.S. Department of Justice condemned James Zhong, a hacker who stole 50,000 bitcoins from the Silk Road dark net marketplace. The US Department of Justice announced that a man from Georgia, James Zhong, has pleaded guilty to wire fraud after stealing more than 50,000 bitcoins from the Silk Road. Zhong pled guilty to money […] Guideline
SecurityAffairs 2022-11-07 19:52:34 'Justice Blade' Hackers are Targeting Saudi Arabia (direct link) Threat actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. The […] Threat
SecurityAffairs 2022-11-07 18:00:06 Robin Banks phishing-as-a-service platform continues to evolve (direct link) The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The phishing-as-a-service (PhaaS) platform Robin Banks was originally hosted by Cloudflare provider, but the company in July disassociated Robin Banks phishing infrastructure from its services after being informed. The move caused a multi-day disruption to PhaaS operations, then the administrators […]
SecurityAffairs 2022-11-07 11:36:01 Water sector in the US and Israel still unprepared to defeat cyber attacks (direct link) Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector. Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack against the water sector that could be orchestrated by enemy states like […]
SecurityAffairs 2022-11-07 07:33:17 UK NCSC govt agency is scanning the Internet for flawed devices in the UK (direct link) The UK National Cyber Security Centre (NCSC) announced that it is scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The United Kingdom’s National Cyber Security Centre (NCSC) is scanning all Internet-exposed devices hosted in the United Kingdom for vulnerabilities. The UK agency aims to secure these devices by reporting the discovered vulnerabilities to their owners. […]
SecurityAffairs 2022-11-07 06:05:45 Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks (direct link) Researchers uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims. Microsoft’s Dynamics 365 Customer Voice product allows organizations to gain customer feedback, it is used to conduct customer satisfaction surveys. Researchers from cybersecurity firm Avanan uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the […]
SecurityAffairs 2022-11-06 17:17:54 LockBit 3.0 gang claims to have stolen data from Kearney & Company (direct link) The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its […] Ransomware
SecurityAffairs 2022-11-06 13:51:03 A cyberattack blocked the trains in Denmark (direct link) At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […] Threat
SecurityAffairs 2022-11-05 21:34:11 29 malicious PyPI packages spotted delivering the W4SP Stealer (direct link) Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […] Malware
SecurityAffairs 2022-11-05 17:30:47 Zero-day are exploited on a massive scale in increasingly shorter timeframes (direct link) Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide. The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of […] Vulnerability Threat
SecurityAffairs 2022-11-04 13:51:55 (Déjà vu) RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM (direct link) A new campaign spreading RomCom RAT impersonates popular software brands like KeePass, and SolarWinds. The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. Researchers from BlackBerry uncovered a new RomCom RAT campaign impersonating popular software brands like KeePass, and SolarWinds. […] Threat
SecurityAffairs 2022-11-04 10:09:39 The 10th edition of the ENISA Threat Landscape (ETL) report is out! (direct link) I'm proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10th edition of the […] Threat
Last update at: 2024-04-26 16:08:04