What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-24 07:24:29 | (Déjà vu) Security experts targeted with malicious CVE PoC exploits on GitHub (lien direct) | >Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The, Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities. The experts analyzed PoCs shared on […] | |||
|
2022-10-23 17:15:39 | Hackers stole sensitive data from Iran\'s atomic energy agency (lien direct) | >Iran's atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran's atomic energy agency revealed on Sunday that a nation-state actor had access to a subsidiary's network and free access to its email system, the Associated Press reports. The Iranian government has yet to attribute the attack to a specific The […] | |||
|
2022-10-23 13:15:02 | Wholesale giant METRO confirmed to have suffered a cyberattack (lien direct) | >International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack. International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000 people in 681 stores worldwide, most of them in Germany, its sales reached 24.8 billion euros in 2020. The […] | |||
|
2022-10-22 17:05:23 | Daixin Team targets health organizations with ransomware, US agencies warn (lien direct) | >US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector with ransomware. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. businesses, mainly in the Healthcare and Public Health (HPH) Sector, […] | |||
|
2022-10-22 15:31:57 | Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners (lien direct) | >Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware. The issue causes server-side template injection due to because of the lack of […] | Threat | ||
|
2022-10-21 23:02:44 | EnergyAustralia Electricity company discloses security breach (lien direct) | >Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the victim is the Electricity company EnergyAustralia. EnergyAustralia is the country's third-largest energy retailer. The company confirmed that threat actors had access to information on 323 residential and […] | Threat | ||
|
2022-10-21 20:51:28 | Experts warn of CVE-2022-42889 Text4Shell exploit attempts (lien direct) | >Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub's threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons […] | Threat | ||
|
2022-10-21 13:47:59 | CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities Catalog (lien direct) | >CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […] | |||
|
2022-10-21 10:15:49 | GUAC – A Google Open Source Project to secure software supply chain (lien direct) | >Google launched the Graph for the Understanding Artifact Composition (GUAC) project, to secure the software supply chain. Google this week launched a new project named Graph for Understanding Artifact Composition (GUAC) which aims at securing the software supply chain. The IT giant is seeking contributors to the new project. “GUAC, or Graph for Understanding Artifact Composition, is in the […] | |||
|
2022-10-21 07:50:12 | News URSNIF variant doesn\'t support banking features (lien direct) | A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data. The new variant, first observed […] | Malware | ||
|
2022-10-21 05:23:28 | Healthcare system Advocate Aurora Health data breach potentially impacted 3M patients (lien direct) | >Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The company is notifying the impacted individuals. The healthcare system operates 26 hospitals in Wisconsin and […] | Data Breach | ||
|
2022-10-20 18:09:07 | Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update (lien direct) | >Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“Apply Form.docm.”) posing as a LinkedIn-based job […] | |||
|
2022-10-20 16:07:14 | BlueBleed: Microsoft confirmed data leak exposing customers\' info (lien direct) | >Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar […] | Threat | ||
|
2022-10-20 11:22:33 | Internet disruptions observed as Russia targets critical infrastructure in Ukraine (lien direct) | >While the Russian army is conducting coordinated missile and drone strikes in Ukraine experts observed Internet disruptions in the country. Starting on the morning of Monday, October 10, the Russian army is targeting several cities in Ukraine with coordinated missile and drone strikes. The escalation is a retaliation for the bombing of a bridge connecting […] | |||
|
2022-10-20 09:53:51 | Brazilian police arrested a man suspected of being a member of LAPSUS$ gang (lien direct) | >The Federal Police of Brazil arrested an individual who is suspected of being a member of the notorious LAPSUS$ extortionist group. The Federal Police of Brazil yesterday announced the arrest of an individual suspected of being linked to the LAPSUS$ extortionist gang. The authorities did not disclose info about the individual, it seems that the […] | |||
|
2022-10-20 06:00:37 | Experts discovered millions of .git folders exposed to public (lien direct) | >Nearly two million .git folders containing vital project information are exposed to the public, the Cybernews research team found. Original Post at https://cybernews.com/security/millions-git-folders-exposed/ Git is the most popular open-source, distributed version control system (VCS) developed nearly 20 years ago by Linus Torvalds for development of the Linux kernel, with other kernel developers contributing to its initial […] | |||
|
2022-10-19 22:50:57 | Text4Shell, a remote code execution bug in Apache Commons Text library (lien direct) | >Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […] | Vulnerability Threat | ||
|
2022-10-19 15:14:05 | Researchers share of FabriXss bug impacting Azure Fabric Explorer (lien direct) | >Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829 (CVSS 6.2), that impacts Azure Fabric Explorer. An attacker can exploit the vulnerability to gain administrator privileges on the cluster. In order to exploit this flaw, an […] | Vulnerability | ||
|
2022-10-19 13:07:36 | The missed link between Ransom Cartel and REvil ransomware gangs (lien direct) | >Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The REvil group was one of the most active ransomware gangs in the first half […] | Ransomware | ||
|
2022-10-19 05:19:19 | Microsoft Office 365 Message Encryption (OME) doesn\'t ensure confidentiality (lien direct) | A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office […] | |||
|
2022-10-18 15:48:58 | Law enforcement arrested 31 suspects for stealing cars by hacking key fobs (lien direct) | >An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust, have dismantled a cybercrime organization specializing in the theft of cars by hacking key fobs. […] | |||
|
2022-10-18 14:15:09 | China-linked APT41 group targets Hong Kong with Spyder Loader (lien direct) | >China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […] | Threat Guideline | APT 41 APT 17 | |
|
2022-10-18 12:27:39 | Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike (lien direct) | >HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code […] | Vulnerability | ||
|
2022-10-18 07:56:50 | Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 (lien direct) | >Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of […] | |||
|
2022-10-18 07:11:17 | CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration (lien direct) | >Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is […] | |||
|
2022-10-17 19:15:18 | Retail giant Woolworths discloses data breach of MyDeal online marketplace (lien direct) | >Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 million MyDeal customers. Bad news for the customers of the MyDeal online marketplace, the Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 million of them. As soon the company became aware of the security breach it blocked access to […] | Data Breach | ||
|
2022-10-17 15:00:10 | New UEFI rootkit Black Lotus offered for sale at $5,000 (lien direct) | >Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that […] | Malware | ||
|
2022-10-17 13:19:48 | Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted (lien direct) | >The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing […] | |||
|
2022-10-17 10:54:25 | Bulgaria hit by a cyber attack originating from Russia (lien direct) | >Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors. The […] | Threat | ||
|
2022-10-17 08:36:26 | Interpol arrested 75 members of the cybercrime ring Black Axe (lien direct) | >Interpol has announced the arrests of 75 individuals as part of a coordinated international operation against an organized cybercrime ring called Black Axe. Interpol arrested 75 individuals as part of a coordinated global operation, codenamed Operation Jackal, against the cybercrime ring Black Axe. The operation involved law enforcement bodies in 14 countries (Argentina, Australia, Côte d’Ivoire, France, […] | |||
|
2022-10-17 07:01:49 | 45,654 VMware ESXi servers reached End of Life on Oct. 15 (lien direct) | >Lansweeper warns that over 45,000 VMware ESXi servers exposed online have reached end-of-life (EOL), making them an easy target for attackers. IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found over 45,000 instances that have reached end-of-life (EOL). The company discovered 79,000 VMware ESXi instances operated by 6.000 […] | |||
|
2022-10-16 23:22:16 | Mysterious Prestige ransomware targets organizations in Ukraine and Poland (lien direct) | >Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […] | Ransomware Threat | ||
|
2022-10-16 14:09:51 | (Déjà vu) Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug (lien direct) | >Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite. Rapid7 has published technical details, including a proof-of-concept (PoC) code and indicators of compromise (IoCs) regarding […] | |||
|
2022-10-15 16:41:24 | New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts (lien direct) | >Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The malicious code is distributed as free/cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others. Ducktail has been […] | Malware | ||
|
2022-10-15 12:58:39 | Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS (lien direct) | >Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker […] | Vulnerability | ||
|
2022-10-15 10:22:50 | Indian power generation giant Tata Power hit by a cyber attack (lien direct) | >Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company […] | Threat | ||
|
2022-10-14 22:29:57 | Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day (lien direct) | >Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode […] | |||
|
2022-10-14 15:10:29 | WIP19, a new Chinese APT targets IT Service Providers and Telcos (lien direct) | >Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […] | Threat | ||
|
2022-10-14 09:37:35 | Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products (lien direct) | >Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online. The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from […] | Vulnerability | ||
|
2022-10-14 08:33:52 | DJI drone tracking data exposed in the US (lien direct) | >Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by DJI. Original post at CyberNews: https://cybernews.com/privacy/dji-drone-tracking-data-exposed-in-us/ Over 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices manufactured by the Chinese-owned DJI was left accessible […] | |||
|
2022-10-13 23:10:45 | China-linked Budworm APT returns to target a US entity (lien direct) | >The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of […] | Threat | APT 27 | |
|
2022-10-13 15:43:51 | (Déjà vu) Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server (lien direct) | >Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The Cloudflare DDoS threat report 2022 Q3 states that multi-terabit massive DDoS attacks have become increasingly frequent. In Q3, the […] | Threat | ||
|
2022-10-13 14:59:19 | The discovery of Alchimist C2 tool, revealed a new attack framework to target Windows, macOS, and Linux systems (lien direct) | >Experts discovered a new attack framework, including a C2 tool dubbed Alchimist, used in attacks against Windows, macOS, and Linux systems. Researchers from Cisco Talos discovered a new, previously undocumented attack framework that included a C2 dubbed Alchimist. The framework is likely being used in attacks aimed at Windows, macOS, and Linux systems. The experts […] | Tool | ||
|
2022-10-13 10:14:00 | POLONIUM APT targets Israel with a new custom backdoor dubbed PapaCreep (lien direct) | >An APT group tracked as Polonium employed custom backdoors in attacks aimed at Israelian entities since at least September 2021. POLONIUM APT focused only on Israeli targets, it launched attacks against more than a dozen organizations in various industries, including engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. Microsoft MSTIC […] | |||
|
2022-10-13 07:29:58 | YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan (lien direct) | >Kaspersky researchers warn of a recently discovered malicious version of a popular WhatsApp messenger mod dubbed YoWhatsApp. Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. Mod apps are advertised as unofficial versions of legitimate apps that have features that the official one does not supports. YoWhatsApp is […] | |||
|
2022-10-12 21:26:16 | Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator (lien direct) | >Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. Aruba EdgeConnect Orchestrator is a centralized SD-WAN management solution that allows enterprises to control their WAN. Below are the vulnerabilities addressed […] | |||
|
2022-10-12 15:41:34 | Microsoft Patch Tuesday for October 2022 doesn\'t fix Exchange Server flaws (lien direct) | Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio […] | |||
|
2022-10-12 05:54:56 | LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware (lien direct) | >Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. Threat actors initially deployed […] | Ransomware Malware Threat | ||
|
2022-10-11 16:56:09 | Caffeine, a new Phishing-as-a-Service toolkit available in the underground (lien direct) | >Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. The experts noticed that the toolkit has an intuitive interface and supports multiple features that allow customers to easily arrange phishing campaigns. The service […] | Threat | ||
|
2022-10-11 10:40:22 | Experts analyzed the evolution of the Emotet supply chain (lien direct) | >Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by […] | Malware |
To see everything:
Our RSS (filtrered)
